Malware Analysis Report

2024-10-10 09:37

Sample ID 240625-lb1z6s1dna
Target 4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe
SHA256 4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477
Tags kpot xmrig miner stealer trojan upx
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe was found to be: Known bad.

Malicious Activity Summary

kpot xmrig miner stealer trojan upx

KPOT

Xmrig family

Kpot family

KPOT Core Executable

XMRig Miner payload

xmrig

UPX packed file

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Unsigned PE

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported 2024-06-25 09:22

Signatures

KPOT Core Executable

Kpot family

kpot

XMRig Miner payload

miner

Xmrig family

xmrig

UPX packed file

upx

Unsigned PE

Analysis: behavioral2

Detonation Overview

Submitted 2024-06-25 09:22
Reported 2024-06-25 09:25
Platform win10v2004-20240226-en
Max time kernel 142s
Max time network 152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

xmrig

miner xmrig

XMRig Miner payload

miner

Executes dropped EXE

UPX packed file

upx

Drops file in Windows directory

Suspicious use of WriteProcessMemory

Processes

C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4312 --field-trial-handle=2692,i,8678872182442199182,12502579059484928042,262144 --variations-seed-version /prefetch:8

Network

Country Destination Domain Proto
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 240.197.17.2.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 74.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 172.217.169.10:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 10.169.217.172.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 13.86.106.20.in-addr.arpa udp
US 8.8.8.8:53 228.249.119.40.in-addr.arpa udp
US 8.8.8.8:53 11.227.111.52.in-addr.arpa udp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
DE 3.120.209.58:8080 tcp
US 8.8.8.8:53 5.173.189.20.in-addr.arpa udp

Files

memory/1496-0-0x00007FF7E7FD0000-0x00007FF7E8324000-memory.dmp

memory/1496-1-0x000001DA6E1B0000-0x000001DA6E1C0000-memory.dmp

C:\Windows\System\lrWufOA.exe

MD5 7cd09eca1665866a533db027bb846eab
SHA1 2e47049346fca40c3260ec88f9e8bdb59b7eb2d4
SHA256 1b58ffb12c1a8cc818864294b93723df9dec3f02f7f6ef7928d869a8a55e45a4
SHA512 a719b95818354563fbe85bb6b7802585dc861eec59b08d9f5dbb5f6ef5295429a49c2174f83fe6ffa96f1298d13b0a7c07c3295313f77d6a03a3fea3362505d2

memory/3440-8-0x00007FF7DCF50000-0x00007FF7DD2A4000-memory.dmp

C:\Windows\System\mINZRPx.exe

MD5 d73a0b0334d0330a3650c506bd263dd2
SHA1 44da5f9991dc19fb9265139ca695d249a1fcfb13
SHA256 e4cc6c25f927e19ef986a968eae2a3eb339e075a43f2de0067796cc87d0612f0
SHA512 826a2f0a02e6e1c2d8c3b51d734cd4206d727cd6cdcc3f6f8e4d692e20c2a00882b3ef72940b39a9f1c291fc5adee8eff2a8daca39a5ab5abddb6060ff913565

memory/1592-14-0x00007FF6B2EC0000-0x00007FF6B3214000-memory.dmp

C:\Windows\System\NtFnvYt.exe

MD5 a9098d46ba365ebeb0c96a960f23fce0
SHA1 58ef775e1d06562f12762ecb88e5a5e609663106
SHA256 291136d7b3c82af7876b447a31b85473e33ab5d15fbd2d0305015cf4cce49c86
SHA512 a62cbd3dfa5445b2b913df2333f2db39c7cfab698f2ad965d6fa88dd0d777afce3ff96a38a69ba4222188fe8f08c729c34f4a5d661f1e83d245581546da45afa

C:\Windows\System\aIGhjEm.exe

MD5 533f835c5cfeb56a8aefdacf932594c4
SHA1 2088c391f1c927af02e1949155a2d68c108ab303
SHA256 2efd6313620b8fd7ee1b2f46851d68a7b958b416a68a794d6890ec6c0660f50a
SHA512 47cbfdd244840f20c42590ce139c12da31c51b46e9602c067a1e86cde449ae0f533e130656e6761eccb8b134e890a6d23428bc62d474514e421aba44a07834ef

memory/4200-23-0x00007FF7113B0000-0x00007FF711704000-memory.dmp

memory/3280-24-0x00007FF6B8A70000-0x00007FF6B8DC4000-memory.dmp

C:\Windows\System\CqwqavI.exe

MD5 3ceb7f7ac984c3ec237c470505fdf6b5
SHA1 ace805cdc287c58286192ead9efbb0a565f31194
SHA256 fede7350637fdff0a5def22df3239cfff92ab7ec8da6b2cf44ba6b305ac5ab5c
SHA512 fd0283972059a136dc753003cba612c7d5aa689fac79fc2691c55f858af310207e595d9be02809a9629776d67a6ea904120864586bf2707a46317e3045febb65

C:\Windows\System\tyDMdrK.exe

MD5 e52ebd3dfe35fbb42517ee9b7c07066f
SHA1 57d4ac58053c7a4f562a0b7bbc2c9eb8f5de4f46
SHA256 cb419f86046fa50d5e8229be68b2f4485f2151dd9d27c44ff579510078231a48
SHA512 265055038d5fcf281997edd9915a65b6dcea3cfbf27417593270f2b6db3b8378ad8aa3602709e9716d27b5162f61e7bb8080baa5a10e42b0da29d615c385c06d

C:\Windows\System\rOqaudz.exe

MD5 3dedea85c10b5cb98d1fefdd072cc401
SHA1 5c48ed73147dbfa6b12c786d972d9c33306b5482
SHA256 5cac3261e40ac0755872cd58b9969cbbf2c43026f5abe62c8c8c638f7b73399b
SHA512 5b793ecfe328e3eda701ba9693ef5929e8365e5a39130b4fbcf85b2793cfe76630f8171ac30019ccccf0fc07a15cb52b629ea646e7264dc0547af029cb87fef8

C:\Windows\System\OsUgAzW.exe

MD5 a2c1736d819d641d184974a41d36fb31
SHA1 e1ef8dbf3b57f5c2f793292ec3c63578a8cf4e79
SHA256 c01ae0f7dce500778d3cd080bb2e37efa8bdb4712ae83725ae9042ca58382dac
SHA512 f7471dff31338990c05516e5da49242093e80928490d3f8ca4c0490c90046522b37f86e50a984168e4b870252938e4af6a5d056c1f91b126647af7bb3e3b85ef

C:\Windows\System\ixAYhhc.exe

MD5 0a160fc3df4e61abce2381ed654f44b9
SHA1 bce01077ff7c4fa7496d938348a096626d07b46a
SHA256 0f87e6500608102fc356b322e3650b5fbc6557442ad70df373a84f06d5a9df48
SHA512 d55a23d0407adeb5bbb6860e8aee82d9ac7daf2253dab717a4b1a59c50169b79c282d771c5a564d59505d3575056b30c7adc26f4fae29688c341a41a7f2f74dc

C:\Windows\System\lGvkUdU.exe

MD5 cf785ede21b317f4cd12fba1c4bfa157
SHA1 5d1e261383c55fe43dec7a1264e4d2637c3522d3
SHA256 e6f63348e237e2ac05be331ec3591538b11b63af79d2924d9fa633a229bbd4a8
SHA512 4e2f0b683ad9a004b65020ea63c8d19fe9ea033688a0ac38eb5fe9fcf05eeb475908f2a6c0cbdc8e7725d188432c73e7a9241277bb4b14c9bb5675273b2905f2

C:\Windows\System\aTNBcMh.exe

MD5 dfcfe68bc37375a19ccc22d2f245ed54
SHA1 582a7e089240988ca0a4f9b24ce995235bf50eeb
SHA256 95867e9da09626296aed220553ca277bd6bbf3621290b132319c535624a8ce93
SHA512 9a5522e6f443a14af28937d050b9079166c063eaac2030af4df9fcb240ebc6581e5de15800cbc0820c5f70fafb605fcc94d1b5575e276b9ed0becbaf99e4c528

C:\Windows\System\SLuhtVB.exe

MD5 c3169d62911628fdae28e075305cd711
SHA1 7c49ec821dac2e3ed54ada92a9a99df6998b93d3
SHA256 1db5cf898102cd52473007d130b9aa825529679f0748c44666f219f50957d089
SHA512 663a25e3bb6a1f4f8f17965ec4603dd1f6ba5f66168e66e2da82870225423b754403aca3e7b8ecc6d457c223e0826228e2627d4a93cac4a34be00644145a7133

C:\Windows\System\AqUACWZ.exe

MD5 5758fd93f0f8f4c9038cedf1cdbac4dd
SHA1 a255d6923945f64f7fbc2de8f7b5060f3b12128b
SHA256 6e58d2a23e04fe8be0ce25df678c81385abf9dde33d184880d7c5ac9635ba619
SHA512 cffb41cc8e384866546c50ecb3d953a3d8475dc0825a40fde0f91f9d3115f84efbe01d41774ecdc6ea44c959c32acd64ca568ce1ffd8b4188eaf9f399a30dc0c

C:\Windows\System\NWjjwWE.exe

MD5 9af6214198ecae888ef3477dc1153d34
SHA1 2cc28e110383c756a05f91e1a881bdc80e7bef61
SHA256 09b184ead92fed558bd677e1487dda70a2c47d698c4b26c3d11300825ad22bee
SHA512 3f5bc2f5bee4003c3982a2685b99620ab88ffe6e527a11d4dee23d17735415993d0a0e23ea93cf2e0815cb0d43a1117c9c600c666fa8d163e1b4e3c08d5b3177

C:\Windows\System\HYIijuB.exe

MD5 792410adf1d2378f21971dfbe76542f1
SHA1 26a352f07930443a420d09a55800e6b740c34f85
SHA256 b5fbcaa17c061b1733a9932e91ab45bc642386df1ab70120d57e36eafaba7a88
SHA512 a7c6da03d88e374faa472803618a7953dcb007070f570e551004e980b3e59db9bdff30eeaa8ae14a56e269008a43e454a24331495e351026780c5cbdd18623e9

C:\Windows\System\YbIGQqK.exe

MD5 cd75e61c627a332a067dced7f0b90bb5
SHA1 a0a04510a6bf8ad217e0d4d818e87389be666499
SHA256 b04de6ba3dab53c830f9911d698d7a8e0ac2a4306a64e6c8470dd64cab9109a9
SHA512 10b76213d9671df5670babef8751dc53df3ce0d54041d8f77c2d59690062fec3e25da1f7d7f449d553b07fdaf37c1a5c807bc6601e81c56b23eabbb63a23b22f

C:\Windows\System\lbucXOt.exe

MD5 03a787c7b4fbc87bf48a97d19277027f
SHA1 82f9f7fdfdc3d6d9c13e5f06b51e8bf8d7f47b0b
SHA256 009e4476b3b74c02b3a02df8e321decdd08b9eaf868a2a6e8b4861b6be7d220b
SHA512 8d24e1c60160f1b7c978b9ff14b2b44c6a29f0f64a48c0f99b7664501b96f6d77ee8499fa20e72cec085866670dcf210efe6beec564f00035e8817c27f9b68d6

C:\Windows\System\ZMtycoi.exe

MD5 e5fef3973cc52e54c54f349b2536cd9e
SHA1 d7960352dd9289a22f83a3a5baaf5597fd7a4710
SHA256 e44c66b075681234b97ef9a8f502b810144f301802c9d66a21261e5f090c9527
SHA512 404e39e24ce7e915ca883c35533d82ad3236b3ce862b84ec4ecbf0123aae564fe93f4e76b785396604934be98dd9322c916072832629619598531c7938280169

C:\Windows\System\xGXVSrP.exe

MD5 2a205cd6438a3f40f51764bffcebfcb2
SHA1 5ee273cd6cbc6ffc0d04fd319b9fc43cc39ca9d3
SHA256 40ba1b5fb3f6b262de68d1d6ae141379acba18c999f41a4d0787a08cd3ee93b9
SHA512 e1ebdd6e94d00e944336fd166021e19e8ce7cc000875d5e8fad26f335c5e4422acc4ceb9f25ca3e003c3bf651740f2e6eb8c6712cc0f6a6db562888c4d7fb2f6

C:\Windows\System\IQxVNNW.exe

MD5 05abf3d35f9ea58294e55794f023cac3
SHA1 027c24e4ab9c11a1937a5ef242d5e705b8f90c44
SHA256 c04022ffac689221b0d7a278e0ce9fd6edcaf7752bfb3df7010292b9173bd5a0
SHA512 aafe9cfb2f7190f10e90806b94df9b4ca640d907258bfd92cf72d63e16bc4ea59729d800356792229655eeceb7d29e10292f28b1d6df8488c9b3b66f5b094988

C:\Windows\System\uSHedxQ.exe

MD5 b16b1fd1a404fe169161ea481c844a94
SHA1 f4bc7a567b1fca55c667695508630e16cd9210ba
SHA256 3eb599e6ba01d9f2c5e3a426af02a4bb8e2136bee56041070a0e34ae6a8c4855
SHA512 98226bd50f07ef28121f3062563efe73b8bac7645c1340f9358078e94cd4f06319d4f309b165800bab5c835cd689a0f25a2fba6ddbc984ffcb4199c446ce066f

C:\Windows\System\ABLnFku.exe

MD5 1594333b79cc8d3385bc39d870cd111a
SHA1 26bc6931f1e3e678b949ac59d6665d5cb9d6f1d2
SHA256 713defa25dd3cd8c23d36a389dcc43a4ab840da6089c9820702ecb1458401462
SHA512 a98c34e12caa368fb7cf486b0d9296790700b4cfc33d628cf5478dc40d0ebdd47cbfe5f5240e990be0c0a5dd1bfae3eacc096fe1bf74513e4e495a9141cbc648

memory/908-409-0x00007FF6F7820000-0x00007FF6F7B74000-memory.dmp

memory/636-417-0x00007FF7E85A0000-0x00007FF7E88F4000-memory.dmp

memory/4140-420-0x00007FF6D0E40000-0x00007FF6D1194000-memory.dmp

memory/2916-424-0x00007FF74C6D0000-0x00007FF74CA24000-memory.dmp

memory/2168-427-0x00007FF7B1200000-0x00007FF7B1554000-memory.dmp

memory/3844-431-0x00007FF6C0380000-0x00007FF6C06D4000-memory.dmp

memory/4404-432-0x00007FF773420000-0x00007FF773774000-memory.dmp

memory/3852-434-0x00007FF61E060000-0x00007FF61E3B4000-memory.dmp

memory/2384-436-0x00007FF7590A0000-0x00007FF7593F4000-memory.dmp

memory/3024-435-0x00007FF79E6C0000-0x00007FF79EA14000-memory.dmp

memory/2288-433-0x00007FF6C6B50000-0x00007FF6C6EA4000-memory.dmp

memory/448-430-0x00007FF6F48F0000-0x00007FF6F4C44000-memory.dmp

memory/3432-414-0x00007FF621470000-0x00007FF6217C4000-memory.dmp

memory/4948-438-0x00007FF6EA440000-0x00007FF6EA794000-memory.dmp

memory/2032-444-0x00007FF6EC430000-0x00007FF6EC784000-memory.dmp

memory/988-437-0x00007FF6DB280000-0x00007FF6DB5D4000-memory.dmp

memory/1728-452-0x00007FF67EAA0000-0x00007FF67EDF4000-memory.dmp

memory/4084-451-0x00007FF7CB1E0000-0x00007FF7CB534000-memory.dmp

C:\Windows\System\raSBlpJ.exe

MD5 3757ae77681d2f8841b14946ef683f3f
SHA1 1828d1368f15bca2b415eb054f3b1bf55e59d57c
SHA256 4ccc21ecffff114c107e8fc47c07f6b430213d78adcfc92dc2b157ca18df92ec
SHA512 383454f52dc84621d8ac3959e4707d9852c1e5ea1af71b0d8aa21d6e0effa7689346fbefa15329577d8e7d70a7913a68e7990e67bf63262e43b24066a0d838eb

memory/640-453-0x00007FF6123C0000-0x00007FF612714000-memory.dmp

memory/3892-454-0x00007FF7CE310000-0x00007FF7CE664000-memory.dmp

memory/2456-459-0x00007FF6BFA50000-0x00007FF6BFDA4000-memory.dmp

memory/1552-460-0x00007FF7820C0000-0x00007FF782414000-memory.dmp

memory/3084-463-0x00007FF7140C0000-0x00007FF714414000-memory.dmp

memory/2340-465-0x00007FF636630000-0x00007FF636984000-memory.dmp

memory/3856-466-0x00007FF7B6B30000-0x00007FF7B6E84000-memory.dmp

C:\Windows\System\irWhHuH.exe

MD5 253cc0cd34d24ec88d8f59cdf02ed511
SHA1 17ac49540ca9ca9f2ceef07681792cf03a80ebc0
SHA256 d2137fec8d3a233f6c1cddfc1dd37df4d770aab3940b05169be08b1956a47e49
SHA512 180cb5d0e5ad330c3c6a58ab32573fe996242a00b2f9b16d93de950013953d5c0699b29a34ff0a69eec0cbd565f651ff920417f2de75c570df16c5d848030db0

C:\Windows\System\wOAWQnz.exe

MD5 83da46273be0740f0396257611c6baa2
SHA1 0ddb16bb486d02fee105447cc6b75e59768534fa
SHA256 210715d3cd59dee4817b0c92d9cfd4a5737c025689fdd7c60c8b002fab6e5b7e
SHA512 c0015d34bd7c86afdca631c4e68c211f918657d4ccbbcf131dfddabd1b74147de1a4041cbeefc4960c8b6a2b4187b6e994b37bfba899fce742f05366aa016a0f

C:\Windows\System\dQHhcKI.exe

MD5 cf62bc30c41d13fe38bef93103d3ecfd
SHA1 19385b6eff3a57bbd65833da63e33dfb5f3ec3b5
SHA256 8ec5a0b98810e429aa448664beda7aea462738ee9922807d36d3166166333465
SHA512 6265f56a28a8ebe48eb64c9f0d87dab369c2582ca23fb60b8a1c0509b2eb6cb95fe30dad3fe34eb23dde9b53ae2646e1b5a195dbb1b2c4c2e34853c199b675ba

C:\Windows\System\ShMLPvf.exe

MD5 1925121abbd27cea2b7be27c58bec2c1
SHA1 7feeacda362d9eb08e099a54be53a0280d8016ed
SHA256 70bd6078347cab3954fa3e2b38682f7249d6805dcfc4ff825e2ec15a025ca894
SHA512 048e71fc72278661210493847a599c9bcfc92047795d5ceeee07a0b84a59f5079dae9b0ee26c0fb6707a0167d0675029f6b4ce128fbe869c5436636150f10d74

C:\Windows\System\oIyzzKy.exe

MD5 05b358a71fbee0ecb9ce117382749c02
SHA1 f27313b94355332cf3653a55497a29e3a5ad0b45
SHA256 eea948fd2516ea552ea5b361b2e9ad1d433cc1dacc19ba7a8c6a29da9bf7f9f2
SHA512 f4e1ac9a77de324957590b7f7d71c21c44e033d0fc6a189c9d729b456f5dc9754a0c5fff2146eba84c177729752b7248ed123d481bf2d92142ec709000ddc803

C:\Windows\System\qiahHhr.exe

MD5 292630902d644e4190554f94bca5d165
SHA1 f6a9c2228e6f5bd6ec75b8a9f2db956015ac9550
SHA256 1dc00abbc5d7b0063252195771b12a8f40515c88fa5cae3eacf8abbbd66291b7
SHA512 c020af35a97568596e7759165fa0143c4c3686f402759f1fce3496bcf4b2a29c632b3849596187696724ada2d5fc98ce40e9d3f915419f189be5d5dd65514926

C:\Windows\System\nhAaImE.exe

MD5 ef6936f8d7d6ccb13675f946bb06d248
SHA1 e96dbe5d9d73d67ff4985b521870f26b985370ea
SHA256 8c523e22a472b170bcc880f21fc1db526ea32757dfc32fd527d2d36cbac1fdf1
SHA512 eb10298997ac786cdcce1fa9f6499036573be1be975f9cb8dff5ad8b3580206306ef14e88601a0728e8e75ad139c2fbd7870aaa7b79929c9c4c5b43d3a26a089

C:\Windows\System\XPtatgH.exe

MD5 545ebc9dbc88fbfeaddc33954ebc368a
SHA1 9247afcd1cf05fca03070c097db273e1b792ad65
SHA256 5dfc632951a6f21a939d49d7dbef1cf2fbbfd278c1b1b154d6d585f804730556
SHA512 9a7c63d01dded0d8534f7af3d1bf7954e6d674cf6c9afa6fceb4da46700b28ff01d5a0708d12543a882e50c72d78227f731b44f5d6c3dca9119364b370b2a778

C:\Windows\System\ddmpZqh.exe

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-25 09:22

Reported

2024-06-25 09:24

Platform

win7-20240611-en

Max time kernel

133s

Max time network

148s

Command Line

"C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe"

Signatures

KPOT

trojan stealer kpot

KPOT Core Executable

Description Indicator Process Target
N/A N/A N/A N/A

xmrig

miner xmrig

XMRig Miner payload

miner
Description Indicator Process Target
N/A N/A N/A N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Windows\System\YJdRRLe.exe N/A
N/A N/A C:\Windows\System\YYmJImh.exe N/A
N/A N/A C:\Windows\System\makTvag.exe N/A
N/A N/A C:\Windows\System\SBrbDyj.exe N/A
N/A N/A C:\Windows\System\hWIKshW.exe N/A
N/A N/A C:\Windows\System\bxlJRUO.exe N/A
N/A N/A C:\Windows\System\DeKtaaW.exe N/A
N/A N/A C:\Windows\System\UwLYsGh.exe N/A
N/A N/A C:\Windows\System\kIToEaY.exe N/A
N/A N/A C:\Windows\System\XmriwQR.exe N/A
N/A N/A C:\Windows\System\iaevonq.exe N/A
N/A N/A C:\Windows\System\sCXFMNp.exe N/A
N/A N/A C:\Windows\System\OlPHVUm.exe N/A
N/A N/A C:\Windows\System\dXuKDsJ.exe N/A
N/A N/A C:\Windows\System\AeZeAyp.exe N/A
N/A N/A C:\Windows\System\MhlRNgB.exe N/A
N/A N/A C:\Windows\System\KmxbDHO.exe N/A
N/A N/A C:\Windows\System\YWVaQxa.exe N/A
N/A N/A C:\Windows\System\qUiidCT.exe N/A
N/A N/A C:\Windows\System\QWdrmwr.exe N/A
N/A N/A C:\Windows\System\uhbbcbb.exe N/A
N/A N/A C:\Windows\System\GWvVLIa.exe N/A
N/A N/A C:\Windows\System\VYOkCXS.exe N/A
N/A N/A C:\Windows\System\kuBkQRN.exe N/A
N/A N/A C:\Windows\System\CXZJlcB.exe N/A
N/A N/A C:\Windows\System\DpAatEM.exe N/A
N/A N/A C:\Windows\System\clMIiHM.exe N/A
N/A N/A C:\Windows\System\gxUXJLa.exe N/A
N/A N/A C:\Windows\System\rFkdUVY.exe N/A
N/A N/A C:\Windows\System\yrVfzqz.exe N/A
N/A N/A C:\Windows\System\HNPiVpx.exe N/A
N/A N/A C:\Windows\System\iyLKGSz.exe N/A
N/A N/A C:\Windows\System\crlHAgt.exe N/A
N/A N/A C:\Windows\System\KyFLhus.exe N/A
N/A N/A C:\Windows\System\lrXfOnR.exe N/A
N/A N/A C:\Windows\System\RiOKOAX.exe N/A
N/A N/A C:\Windows\System\vTjIymW.exe N/A
N/A N/A C:\Windows\System\vHNIAqn.exe N/A
N/A N/A C:\Windows\System\pMGEtNg.exe N/A
N/A N/A C:\Windows\System\SpmGdWR.exe N/A
N/A N/A C:\Windows\System\iKycPfh.exe N/A
N/A N/A C:\Windows\System\RNPnpPo.exe N/A
N/A N/A C:\Windows\System\NYEtfQq.exe N/A
N/A N/A C:\Windows\System\dcUauuc.exe N/A
N/A N/A C:\Windows\System\PbRAPzY.exe N/A
N/A N/A C:\Windows\System\uBttQYI.exe N/A
N/A N/A C:\Windows\System\duagKpX.exe N/A
N/A N/A C:\Windows\System\SGUdkUb.exe N/A
N/A N/A C:\Windows\System\ZiGjRIJ.exe N/A
N/A N/A C:\Windows\System\uXEhSVF.exe N/A
N/A N/A C:\Windows\System\MRqXRPE.exe N/A
N/A N/A C:\Windows\System\UvSqYzn.exe N/A
N/A N/A C:\Windows\System\JCNycoi.exe N/A
N/A N/A C:\Windows\System\yDcuUJz.exe N/A
N/A N/A C:\Windows\System\EzMcnzs.exe N/A
N/A N/A C:\Windows\System\XuDaZnO.exe N/A
N/A N/A C:\Windows\System\LACUrUL.exe N/A
N/A N/A C:\Windows\System\xbTcnmx.exe N/A
N/A N/A C:\Windows\System\KCIdeRe.exe N/A
N/A N/A C:\Windows\System\SeFBuCa.exe N/A
N/A N/A C:\Windows\System\vhIsyge.exe N/A
N/A N/A C:\Windows\System\jsTRhzl.exe N/A
N/A N/A C:\Windows\System\tzBLoNr.exe N/A
N/A N/A C:\Windows\System\MuoPelM.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\System\ZJVAXBl.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\PjVOijJ.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\oELNKBC.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\AnlHVmq.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\XHVPxxP.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\NYEtfQq.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\mluOXyg.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\KdBywla.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\axgshVM.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\jxabjKP.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\sCEvWWU.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\LACUrUL.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\wmmvCVT.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\UNgNMji.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\qggWbjX.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\ALqzDrr.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\FCoalUr.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\dEyyRsS.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\KMXObMo.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\SGUdkUb.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\AvYIzdB.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\ipkteRE.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\MThhXDY.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\oZzjXqz.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\xrPZcFI.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\ArsyAVL.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\VHcpRXv.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\LVECoNo.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\QHSETWd.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\ykxHmfM.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\SBrbDyj.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\SeFBuCa.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\apIGuox.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\zolHwHb.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\crlHAgt.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\UAxgeQR.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\QVgbPem.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\hWIKshW.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\XmriwQR.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\ZiGjRIJ.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\woeqrqJ.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\CxUAZpz.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\fembBRW.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\JyZmgcp.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\XuDaZnO.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\itNaLWj.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\TNZNccZ.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\iyLKGSz.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\vOlQiFG.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\RliYlKa.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\YJdRRLe.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\qUiidCT.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\VYOkCXS.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\BGnnVSx.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\nAlQIYB.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\jDnCASY.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\jGmPVGA.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\MRqXRPE.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\XPiGnyc.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\JBPtdkw.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\AwEOtAn.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\YZGYGMA.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\aRIyNZe.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A
File created C:\Windows\System\MCeHFjB.exe C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2436 wrote to memory of 1728 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\YJdRRLe.exe
PID 2436 wrote to memory of 2352 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\YYmJImh.exe
PID 2436 wrote to memory of 2692 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\makTvag.exe
PID 2436 wrote to memory of 2628 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\SBrbDyj.exe
PID 2436 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\hWIKshW.exe
PID 2436 wrote to memory of 2640 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\bxlJRUO.exe
PID 2436 wrote to memory of 2420 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\DeKtaaW.exe
PID 2436 wrote to memory of 2732 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\kIToEaY.exe
PID 2436 wrote to memory of 2492 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\UwLYsGh.exe
PID 2436 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\XmriwQR.exe
PID 2436 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\XmriwQR.exe
PID 2436 wrote to memory of 2600 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\XmriwQR.exe
PID 2436 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\sCXFMNp.exe
PID 2436 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\sCXFMNp.exe
PID 2436 wrote to memory of 2340 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\sCXFMNp.exe
PID 2436 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\iaevonq.exe
PID 2436 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\iaevonq.exe
PID 2436 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\iaevonq.exe
PID 2436 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\AeZeAyp.exe
PID 2436 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\AeZeAyp.exe
PID 2436 wrote to memory of 544 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\AeZeAyp.exe
PID 2436 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\OlPHVUm.exe
PID 2436 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\OlPHVUm.exe
PID 2436 wrote to memory of 2832 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\OlPHVUm.exe
PID 2436 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\MhlRNgB.exe
PID 2436 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\MhlRNgB.exe
PID 2436 wrote to memory of 2844 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\MhlRNgB.exe
PID 2436 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\dXuKDsJ.exe
PID 2436 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\dXuKDsJ.exe
PID 2436 wrote to memory of 2548 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\dXuKDsJ.exe
PID 2436 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\YWVaQxa.exe
PID 2436 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\YWVaQxa.exe
PID 2436 wrote to memory of 1628 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\YWVaQxa.exe
PID 2436 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\KmxbDHO.exe
PID 2436 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\KmxbDHO.exe
PID 2436 wrote to memory of 2864 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\KmxbDHO.exe
PID 2436 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\qUiidCT.exe
PID 2436 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\qUiidCT.exe
PID 2436 wrote to memory of 840 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\qUiidCT.exe
PID 2436 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\QWdrmwr.exe
PID 2436 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\QWdrmwr.exe
PID 2436 wrote to memory of 1240 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\QWdrmwr.exe
PID 2436 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\uhbbcbb.exe
PID 2436 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\uhbbcbb.exe
PID 2436 wrote to memory of 1004 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\uhbbcbb.exe
PID 2436 wrote to memory of 1204 N/A C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe C:\Windows\System\GWvVLIa.exe

Processes

C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe

"C:\Users\Admin\AppData\Local\Temp\4d8d4300fdc71cda970e345b14732b5ce3b05fed1aea09bdb09349e0bd47a477_NeikiAnalytics.exe"

Network

Country Destination Domain Proto
DE 3.120.209.58:8080 tcp

Files

SHA1 cb6eb9ec05fc3455896bb04d03121fb9aeb8fd64
SHA256 b69ee96f349a5a823a98f0b40b6aa6a0d03585fd1691ea572506b6b54a831bd6
SHA512 43d84ddefeda1036420af0b2a631dc04733b9f373ef2974e77df6c7ed3eeb2af9f80252ba3d5542d4b54e01808b67177b086cd35b9fc274eeca87719a2158a65

C:\Windows\system\VYOkCXS.exe

MD5 d2cde1468f09253ef042a5f3b9de11af
SHA1 4119c006d539f3740137ef91f8dc0f72557d6cc4
SHA256 c5719c88655ee154bfc87f16308a86282104b45b06118a35087ff496938370ff
SHA512 188d305a25be6fb64e97ea5115c3c48352986369a24ddd77e348a5e7a84998d2cb7a4f2ad86ee97ecc1fcbb8c3d17d8cd23eb2e51923d55afc88c28033084ef8

C:\Windows\system\yrVfzqz.exe

MD5 270f0fc23e729c1381d1c74a961af319
SHA1 ac6fdc0e45545ef7eb9cd4f0efa54fcd9d66b067
SHA256 6d34ee7ea9ac7821330e9c85c964dadbeb0237f08259cd7ff45cc768b46d576d
SHA512 395e109bd4d47918e0bc5612785340fc3e3e4f8eb47b4c2f142290af7b9de2a47a2902a1a7a61196f3ece4cec0e0c71ffcc4f868ca83eb7a27250d467779e91e

memory/2436-610-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/2340-611-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2420-281-0x000000013FA50000-0x000000013FDA4000-memory.dmp

C:\Windows\system\iyLKGSz.exe

MD5 8f58b12c91b62017f76dd2d4bb2fc549
SHA1 cc5402708a21cd3f3e91bd49d8a8f39426fafd23
SHA256 ac7a7005b680dd33fc6ba83b8291c7f6ab35ebef247cee1bdad988e40dc4cdd0
SHA512 0776cec9656f98a931931bc3fd2d910b93698b82869a8bcbe08cff3092490feea99b5350293164f66630ae0d0cf1e1dd4325f54b4abbcac00a806b87412cb593

C:\Windows\system\HNPiVpx.exe

MD5 71b2492d04af8f84f25f24b916aae528
SHA1 09ba425e0cf4a00170b6b394366a232d3dc7ed66
SHA256 ebf96305467140e89fa80e39cbdc5f5bcb92d854bfef5effadccfa85bd68da37
SHA512 0e011d99d0c7efd0c44204f07045a478c373da1b069636c4093d0ed34a10e2f6c3c6bfae4805827e509cfbef318e3517f77d239e8573388c459d0021626d074c

C:\Windows\system\rFkdUVY.exe

MD5 258a00150a0654ae05ff15c9f11fce05
SHA1 57d2f015fa00ae8be2d3118a9f0d267abb8a6da5
SHA256 0347202dcf65649f5249041184a84a158e27e9117fc8a69ec593b5352841aef9
SHA512 81f7f402d6963e7c79f1d8f6de80b02b3a2b15260683646d7c0e422c406e7fa1af27f463b2a4dda8530583aa0d7d76222fca934837d44cf8799657ad27b0a05e

C:\Windows\system\gxUXJLa.exe

MD5 ae34c7c1a6e7b6eaac13f11b3626fdab
SHA1 521c520c6ab7aab83c2205c12e1d949b67ea395a
SHA256 8be8f5f142ff5955d75a31f599bee3b07dd9f315e70140ea46b9ef43446dca50
SHA512 68be9cb0f506df532abadc8878b36f614e3165f9e2e49be9b5db6953c31753f3f6bcd221833173efe98dc9a4f0206d22edf42efc6c17173e8a7f30d7def53f43

C:\Windows\system\clMIiHM.exe

MD5 d26cb6955e97af1c2c552fdd5fd4351f
SHA1 6d53935f5cb7e26bb040e30d3c168414a531bd4d
SHA256 76ec6fba1bd18b4e2c63705f2d11c889dd214f7a9ff92ed21e19a95c8b3e0d90
SHA512 4a75925641785b984b51878823bc34ef0588d450214cf412227d9b2aa48293214c8d25e987b712036b26cd7c8b2bcb44133b7877efb4e25f7aa14cabcc7b39a1

C:\Windows\system\DpAatEM.exe

MD5 a721af406c013f90076cc00ed5d41994
SHA1 cf449ccc0b0dee7978402b5aa7de46ed39eb6178
SHA256 10f684f607803dd3b57904797568980815286ad73b70f4cad200ce5eed5905d6
SHA512 5805a45ec673f6fd25de247773a1c0fe2d9796f275cd6060f941661e988c7b1427b21f70327682759b772f67958d0ace88b9703543db13745813595d299e6a2b

C:\Windows\system\CXZJlcB.exe

MD5 3509e1739eecea8c4569ebddffa779ff
SHA1 fd162dd93bcd33b7548b447d91d0c410debbc8e7
SHA256 d779bda0f0b61da519e3affc497ae93873d2f69b09251c7f557960f3a90f509c
SHA512 73bae03659b6c32e2f8ea0c838c9a8021231284e0afa122e262c2e740487326b1cd8028ebd295ba490b070ac19dba138f78c8b430129121bbe358349f63e833a

C:\Windows\system\kuBkQRN.exe

MD5 924022cffe9678230791cc125d670220
SHA1 9d31a870f38a345a11c1f5a863926bf46fc52c98
SHA256 3712d7625813c9cc055b3340a531953e7da235b362f95b8a27183d280c48f3d8
SHA512 14d8bfa9b077142d6d6b5d2fe08fd849aa1d576391dedf65639a8e58fbb1eaf0351a54d5b51edeaac444b598524b9f9a73c13ab0285d7d18fa5a93c6f38abcde

C:\Windows\system\uhbbcbb.exe

MD5 d47d878c47031765c8e0e13ff0406303
SHA1 4a5535083af7b3672d324e5baa03c2dea2376687
SHA256 2a1f8d54e2cd31b701420ff35cfe63e030599ac4c7f351525d0b348a98b299a3
SHA512 772596093152cb2e48bbd7b2a9b4576b22494b3c09bd5b8e6047eeb040fc74b0c4f68260ea2f628ee3f607ab69f9e315e07b7f733e23af022096b4e934b0b24b

C:\Windows\system\qUiidCT.exe

MD5 478158cb2a8c42282cfcef18ab78e4bb
SHA1 41678c02c503168183a8f10831308e36303b2aec
SHA256 379c73ebeb668d2e1e13d43990b0f8ce07627f79ddfa7fe8d10ed81e788ddf80
SHA512 4ee287fedc454deb8c1b7b8bc5d07f46ccec3907958f3123b29b79a6a1fe3c866a53c774deec02db0522ae293fe346ee1522a2fc2809dbe2d195ee23679ee6f7

C:\Windows\system\MhlRNgB.exe

MD5 13a8bb97cadc81d0c45c619380037fbd
SHA1 104f661f908ccf94602d225b65ba7693a6584932
SHA256 cf66e351f00313f4e5b4c8b0f7b2f5b49127274ff2d5727a11b6cf02262648f0
SHA512 eab7f2bf39817833000499473cbce7d554ff74f062d4aa45c06b6df1d31846e6159b468ebd3ff815f2a20ecc5cb602aac6125efadc5e9432fc1745e69b47bc5f

memory/2692-100-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2436-99-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/2832-98-0x000000013F460000-0x000000013F7B4000-memory.dmp

C:\Windows\system\KmxbDHO.exe

MD5 9f4604df024f2d67c6b9386f230f13cf
SHA1 a7e377c1ebc2bb5424ca060492c83a1730821e6e
SHA256 f634361c3cc274c75327b0e64c31c1cc44ddeebe79e6c924b51f57bd5e89abc5
SHA512 6fcead05999e0900f687391e89ac991b255f1692c1aed3f99a743f09718ffd440a618a080952a803049071ebe22b5eb79b7e4d126f2d61124a9186947c530ea8

memory/1728-86-0x000000013FE70000-0x00000001401C4000-memory.dmp

memory/2436-84-0x000000013FB30000-0x000000013FE84000-memory.dmp

memory/2436-82-0x000000013F590000-0x000000013F8E4000-memory.dmp

\Windows\system\AeZeAyp.exe

MD5 f57ccab5de3d1b8681236c1a21228ee1
SHA1 72a601f3c1c93cc30770c95120af2ae131e6c2fc
SHA256 7cd5940035564226f16263f49b1f9c7460fa1b6f97282f291eef2ceb9da50520
SHA512 57f719d883f6c94f5a1068e86b7ede208b34e25c54458066811653a733a3013caea8d6a470dfb204a377a1b1bca809dd49341e9809464fb98ca63824ff396cd9

memory/1624-79-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2436-69-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/2832-1001-0x000000013F460000-0x000000013F7B4000-memory.dmp

memory/2436-1000-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/2436-1073-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/2436-1074-0x0000000002070000-0x00000000023C4000-memory.dmp

memory/1728-1075-0x000000013FE70000-0x00000001401C4000-memory.dmp

memory/2352-1076-0x000000013F180000-0x000000013F4D4000-memory.dmp

memory/2692-1077-0x000000013FC30000-0x000000013FF84000-memory.dmp

memory/2628-1079-0x000000013F790000-0x000000013FAE4000-memory.dmp

memory/2484-1078-0x000000013FF70000-0x00000001402C4000-memory.dmp

memory/2640-1080-0x000000013FD70000-0x00000001400C4000-memory.dmp

memory/2420-1081-0x000000013FA50000-0x000000013FDA4000-memory.dmp

memory/2492-1082-0x000000013F3B0000-0x000000013F704000-memory.dmp

memory/2732-1083-0x000000013F340000-0x000000013F694000-memory.dmp

memory/2600-1084-0x000000013FC10000-0x000000013FF64000-memory.dmp

memory/1624-1085-0x000000013F380000-0x000000013F6D4000-memory.dmp

memory/2340-1086-0x000000013FAF0000-0x000000013FE44000-memory.dmp

memory/2832-1087-0x000000013F460000-0x000000013F7B4000-memory.dmp